General Information


Job Description IT SECURITY ANL 3 Working Title IT Security Engineer
Job Code 007338 Grade 23
Department Name SOM Finance & Administration - D02013 Department Head Simon Linwood
Supervisor Matthew Summerville Effective Date
Position(s) Directly Supervised
Job Code Title FTE

Generic Scope
Experienced professional who knows how to apply theory and put it into practice with in-depth understanding of the professional field; independently performs the full range of responsibilities within the function; possesses broad job knowledge; analyzes problems/issues of diverse scope and determines solutions.

Custom Scope
Applies skills as a seasoned, experienced IT security professional with a full understanding of industry practices, governmental regulations and campus, medical center or Office of the President policies and procedures to resolve a wide range of complex issues. Demonstrates competency in recommending methods and techniques to obtain results.

Department Custom Scope
The IT Security Engineer is responsible for monitoring, detecting, protecting, and maintaining the security of data, systems, and networks for the UCR School of Medicine and UCR Health. Helps maintain the confidentiality, integrity, and availability of institutional information by applying complex and/or moderate-scale security policies and configurations. Operates and maintains security-focused information systems, supports the security hardening of information systems, and advances enterprise security practices. Investigates, analyzes, and responds to immediate and potential threats, using mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security. Conducts endpoint and network digital forensics activities and facilitates automation and orchestration of incident response activities. May conduct penetration testing and network scanning activities to report, identify, and track assets and vulnerabilities throughout the systems lifecycle. Acts as a security systems administrator including planning, configuring, designing, developing, implementing and maintaining tools, systems, and procedures to ensure the integrity, reliability, and security of data, systems, and networks. Maintains service standards while working with constituents to resolve issues related to security controls.

Education & Experience Requirements

Education Requirements
Degree Requirement
Bachelor's degree in related area and/or equivalent experience/training. Required

Experience Requirements
Experience Requirement
4 - 7 years of related experience. Required
Experience managing security tools Required
Experience completing vulnerability scanning and/or penetration testing. Preferred
Experience supporting enterprise information systems Preferred
Experience conducting security event triage, incident response and/or digital forensics Preferred
Related experience in healthcare industry Preferred

License Requirements
License Requirement
Must possess or obtain a Valid CA Drivers License in accordance with the California Department of Motor Vehicles, if driving a university/personal vehicle for university related business Preferred

Certification Requirements
Certification Requirement
Information Security certification such as CEH, CASP+, CISSP, Azure Security, CCSP, etc. Preferred
System Admin certification such as M365, MCSE, RHCSA, CCNA, etc. Preferred

Educational Condition Requirements
Condition Requirement
Continuously maintain expert-level security certification within 6 months of hire Preferred

Key Responsibilities

Description % Time
Applies, configures and manages complex security systems. Administers complex security configurations to control access to hardware, software and networks. Applies advanced encryption methods.
  • Plans, configures, designs, develops, implements and maintains tools, systems, and procedures to ensure the integrity, reliability, and security of data, systems, and networks. Operates and maintains security-focused information systems, supports the security hardening of information systems, and advances enterprise security practices. Proactively identify opportunities and implement solutions to automate and otherwise improve information security operational processes. Manages systems and services involving multiple, integrated systems. Makes recommendations for purchase or upgrade of new computer hardware, software and services. Performs moderately complex analysis to acquire, install, modify and support operating systems, software, databases, utilities and / or tools. Creates project plans. Understands and applies industry practices, community standards and department / unit policies and procedures relating to work assignments. May serve as technical lead for a project of moderate scope. Trains users. Negotiates project plans with stakeholders. May conduct penetration testing and network scanning activities to report, identify, and track assets and vulnerabilities throughout the systems lifecycle.
 40
Implements complex and/or moderate-scale security controls to prevent unauthorized access or changes to campus, medical center or Office of the President information, hardware, software and/or network infrastructure. Independently researches, analyzes and addresses attempted efforts to compromise security protocols. Advises departments on security prevention and best practices.
  • Helps maintain the confidentiality, integrity, and availability of institutional information by applying complex and/or moderate-scale security policies and configurations. Research and provide input on information security policies, trusted computing architectures, and security engineering practice/process. Resolves procedural and technical issues in the context of department policies and procedures. Interacts with teams of advanced IT professionals as a proactive member. Maintains service standards while working with constituents to resolve issues related to security controls.
 25
Collects, examines, analyzes and reports to management regarding the causes, effects and implications of security incidents. Applies advanced IT security concepts, governmental regulations, departmental and campus, medical center or Office of the President policies and procedures to respond to and appropriately escalate complex IT security incidents.
  • Investigates, analyzes, and responds to immediate and potential threats, using mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security. Performs threat and vulnerability assessment, prevention, monitoring, detection and remediation. Conducts endpoint and network digital forensics activities and facilitates automation and orchestration of incident response activities.
 20
Additional IT Security-related tasks as assigned or according to procedure/standard; examples include, but are not limited to, systems automation, risk assessments, security awareness activities, and development of or updating policies, procedures, standards, and guidance.
15

Knowledge, Skills & Abilities

Knowledge/Skill/Ability Requirement
Ability to follow department processes and procedures. Required
Demonstrated experience selecting and applying appropriate data encryption technologies. Required
Basic skill at reading and interpreting security logs. Required
Knowledge of computer hardware, software and network security issues and approaches. Required
Demonstrated skill at administering complex security controls and configurations to computer hardware, software and networks. Required
Knowledge of other areas of IT, department processes and procedures. Required
Demonstrated skills applying security controls to computer software and hardware. Required
Experience using IT security systems and tools. Knowledge of data encryption techniques. Experience analyzing logs for security breaches. Required
Knowledge and experience implementation of IT Security frameworks, such as CIS Critical Security Controls, NIST 800-66 rev 2, and/or NIST Cybersecurity Framework. Required
Experience in incident response and digital forensics including data collection, examination and analysis. Preferred
Interpersonal skills sufficient to work effectively with both technical and non-technical personnel at various levels in the organization. Preferred

Special Requirements & Conditions
Special Condition Requirement
Must pass a background check. Required
Occasional travel for university related business meetings, conferences and/or professional development. Required

Other Special Requirements & Conditions

Level of Supervision Received
General Supervision

Environment

Working Environment
UC Intelli-Center: 14350 Meridian Pkwy, Riverside, CA

Other Requirements

Items Used
  • Standard Office Equipment

Physical Requirements
  • Bend : Occasionally
  • Sit : Constantly
  • Squat : Occasionally
  • Stand : Occasionally
  • Crawl : Occasionally
  • Walk : Occasionally
  • Climb : N/A

Mental Requirements
  • Read/Comprehend : Frequently
  • Write : Frequently
  • Perform Calculations : Occasionally
  • Communicate Orally : Occasionally
  • Reason & Analyze : Frequently

Environmental Requirements
  • Is exposed to excessive noise : No
  • Is around moving machinery : No
  • Is exposed to marked changes in temperature and/or humidity : No
  • Drives motorized equipment : No
  • Works in confined quarters : No
  • Dust : No
  • Fumes : No

Critical Position

Is Critical Position: Yes

More Information

General Campus Information

University of California, Riverside
900 University Ave.
Riverside, CA 92521
Tel: (951) 827-1012

Career OpportunitiesUCR Libraries
Campus StatusMaps and Directions

Department Information

Human Resources
1160 University Ave.
Riverside, CA 92521

Fax: (951) 827-6493
E-mail: jobshelp@ucr.edu

Related Links

Footer